9d4a932656
Signed-off-by: Monis Khan <mok@vmware.com>
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package phttp
import (
"crypto/x509"
"net/http"
"time"
"k8s.io/apimachinery/pkg/util/net"
"k8s.io/client-go/rest"
"k8s.io/client-go/transport"
"go.pinniped.dev/internal/crypto/ptls"
"go.pinniped.dev/internal/plog"
)
// Default returns an *http.Client whose TLS client configuration is produced
// by ptls.Default for the given root CA pool.
//
// The only difference from Secure is the ptls.ConfigFunc handed to
// buildClient; the transport, wrappers and timeout are shared.
// NOTE(review): which protocol versions and cipher suites ptls.Default allows,
// and how a nil rootCAs is treated, is decided in the ptls package. Confirm
// there before choosing this constructor over Secure.
func Default(rootCAs *x509.CertPool) *http.Client {
	client := buildClient(ptls.Default, rootCAs)
	return client
}
// Secure returns an *http.Client whose TLS client configuration is produced
// by ptls.Secure for the given root CA pool.
//
// It is built exactly like Default apart from the ptls.ConfigFunc passed to
// buildClient.
// NOTE(review): presumably ptls.Secure is the stricter TLS profile; the
// concrete settings, and the handling of a nil rootCAs, live in the ptls
// package. Confirm there.
func Secure(rootCAs *x509.CertPool) *http.Client {
	client := buildClient(ptls.Secure, rootCAs)
	return client
}
// buildClient assembles the shared HTTP client used by Default and Secure.
//
// tlsConfigFunc is called with rootCAs and its result becomes the transport's
// TLSClientConfig, so every TLS setting for the client (trust roots, protocol
// versions, cipher suites) comes from that one function. The transport is then
// wrapped by defaultWrap and given an overall request timeout.
func buildClient(tlsConfigFunc ptls.ConfigFunc, rootCAs *x509.CertPool) *http.Client {
	// http.Client.Timeout bounds the whole exchange, including reading the
	// response body, so long-lived streaming responses are cut off at this
	// limit as well.
	const requestTimeout = 3 * time.Hour // make it impossible for requests to hang indefinitely

	rt := defaultTransport()
	// Assigning the field replaces whatever TLS configuration the cloned
	// transport carried.
	rt.TLSClientConfig = tlsConfigFunc(rootCAs)

	client := &http.Client{Timeout: requestTimeout}
	client.Transport = defaultWrap(rt)
	return client
}
// defaultTransport returns a fresh *http.Transport cloned from
// http.DefaultTransport, with the Kubernetes transport defaults applied and
// the per-host idle connection limit raised to 25.
//
// Because it works on a clone, later changes to the returned transport (such
// as setting TLSClientConfig) do not touch the process-wide
// http.DefaultTransport.
func defaultTransport() *http.Transport {
	// Single-value type assertion: this panics if http.DefaultTransport has
	// been replaced with a RoundTripper that is not an *http.Transport.
	std := http.DefaultTransport.(*http.Transport)

	cloned := std.Clone()
	net.SetTransportDefaults(cloned)
	cloned.MaxIdleConnsPerHost = 25 // copied from client-go
	return cloned
}
// defaultWrap layers the standard round-tripper wrappers around rt and returns
// the outermost one.
//
// Wrapping order, innermost to outermost: debug wrappers, User-Agent, warning
// handling. A request therefore passes through the warning wrapper first and
// the debug wrappers last before it reaches rt.
func defaultWrap(rt http.RoundTripper) http.RoundTripper {
	// Evaluated through a closure rather than once, so the trace-level check
	// is available to safeDebugWrappers after construction.
	traceEnabled := func() bool { return plog.Enabled(plog.LevelTrace) }

	// NOTE(review): presumably safeDebugWrappers applies transport.DebugWrappers
	// only while traceEnabled reports true, and keeps credentials out of the
	// debug output. That helper is defined elsewhere; confirm there.
	debugged := safeDebugWrappers(rt, transport.DebugWrappers, traceEnabled)

	withUserAgent := transport.NewUserAgentRoundTripper(rest.DefaultKubernetesUserAgent(), debugged)

	return warningWrapper(withUserAgent, getWarningHandler())
}